<%#
 Copyright 2013-2025 the original author or authors from the JHipster project.

 This file is part of the JHipster project, see https://www.jhipster.tech/
 for more information.

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at

      https://www.apache.org/licenses/LICENSE-2.0

 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
-%>
# ===================================================================
# Spring Boot configuration for the "prod" profile.
#
# This configuration overrides the application.yml file.
#
# More information on profiles: https://www.jhipster.tech/profiles/
# More information on configuration properties: https://www.jhipster.tech/common-application-properties/
# ===================================================================

# ===================================================================
# Standard Spring Boot properties.
# Full reference is available at:
# https://docs.spring.io/spring-boot/appendix/application-properties/index.html
# ===================================================================

logging:
  level:
    ROOT: INFO
    tech.jhipster: INFO
<%_ if (packageName !== 'tech.jhipster') { _%>
    <%= packageName %>: INFO
<%_ } _%>
<%_ if (databaseTypeNeo4j) { _%>
    org.neo4j.driver: WARN
<%_ } _%>
<%_ if (serviceDiscoveryEureka) { _%>

eureka:
  instance:
    prefer-ip-address: true
  client:
    service-url:
      defaultZone: http://admin:${jhipster.registry.password}@localhost:8761/eureka/
<%_ } _%>

<%_ if (databaseTypeNeo4j) { _%>
org:
  neo4j:
    driver:
      pool:
        metrics-enabled: true
  <%_ if (!databaseMigrationLiquibase) { _%>
    migrations:
      locations-to-scan:
      packages-to-scan: <%= packageName %>.config.neo4j
      installed-by: <%= baseName %>
  <%_ } _%>
<%_ } _%>
management:
  prometheus:
    metrics:
      export:
        enabled: false
<%_ if (serviceDiscoveryAny || applicationTypeGateway || applicationTypeMicroservice) { _%>
  zipkin: # Use the "zipkin" Maven profile to have the Spring Cloud Zipkin dependencies
    tracing:
      endpoint: http://localhost:9411/api/v2/spans
  tracing:
    sampling:
      probability: 1.0 # report 100% of traces
<%_ } _%>

spring:
  devtools:
    restart:
      enabled: false
    livereload:
      enabled: false
<%_ if (databaseTypeNeo4j) { _%>
  neo4j:
    pool:
      metrics-enabled: true
    uri: bolt://localhost:7687
    # Uncomment to use an authenticated connection
    # authentication:
    #   username: neo4j
    #   password: secret
<%_ } _%>
<%_ if (serviceDiscoveryEureka) { _%>
  cloud:
    config:
      retry:
        initial-interval: 1000
        max-interval: 2000
        max-attempts: 100
      uri: http://admin:${jhipster.registry.password}@localhost:8761/config
      # name of the config server's property source (file.yml) that we want to use
      name: <%= baseName %>
      profile: prod
      label: main # toggle to switch to a different version of the configuration as stored in git
      # it can be set to any label, branch or commit of the configuration source Git repository
<%_ } _%>
<%_ if (serviceDiscoveryConsul) { _%>
  cloud:
    consul:
      discovery:
        prefer-ip-address: true
      host: localhost
      port: 8500
<%_ } _%>
<%_ if (databaseTypeSql && !reactive) { _%>
  datasource:
    type: com.zaxxer.hikari.HikariDataSource
    url: <%- prodJdbcUrl %>
    username: <%- prodDatabaseUsername %>
    password: <%- prodDatabasePassword %>
    hikari:
      poolName: Hikari
      auto-commit: false
  <%_ if (prodDatabaseTypeMysql || prodDatabaseTypeMariadb || prodDatabaseTypeMssql) { _%>
      data-source-properties:
        cachePrepStmts: true
        prepStmtCacheSize: 250
        prepStmtCacheSqlLimit: 2048
        useServerPrepStmts: true
  <%_ } _%>
<%_ } _%>
<%_ if (databaseTypeMongodb) { _%>
  data:
    mongodb:
      uri: mongodb://localhost:27017/<%= baseName %><% if (reactive) { %>?waitQueueMultiple=1000<% } %>
<%_ } _%>
<%_ if (databaseTypeCassandra) { _%>
  cassandra:
    contact-points: localhost
    compression: LZ4
    keyspace-name: <%= baseName %>
    local-datacenter: datacenter1
<%_ } _%>
<%_ if (searchEngineElasticsearch) { _%>
  elasticsearch:
    uris: http://localhost:9200
<%_ } _%>
<%_ if (databaseTypeCouchbase) { _%>
  couchbase:
    connection-string: couchbase://localhost
    username: Administrator
    password: password
<%_ } _%>
<%_ if (databaseMigrationLiquibase) { _%>
  # Replace by 'prod, faker' to add the faker context and have sample data loaded in production
  liquibase:
    contexts: prod
  <%_ if (databaseTypeSql && reactive) { _%>
    url: <%- prodJdbcUrl %>
  <%_ } _%>
<%_ } _%>
<%_ if (generateUserManagement) { _%>
  mail:
    host: localhost
    port: 25
    username:
    password:
<%_ } _%>
<%_ if (databaseTypeSql && reactive) { _%>
  r2dbc:
    url: <%- prodR2dbcUrl %>
    username: <%- prodDatabaseUsername %>
    password: <%- prodDatabasePassword %>
<%_ } _%>
  thymeleaf:
    cache: true

# ===================================================================
# To enable TLS in production, generate a certificate using:
# keytool -genkey -alias <%= baseName.toLowerCase() %> -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650
#
# You can also use Let's Encrypt:
# See details in topic "Create a Java Keystore (.JKS) from Let's Encrypt Certificates" on https://maximilian-boehm.com/en-gb/blog
#
# Then, modify the server.ssl properties so your "server" configuration looks like:
#
# server:
#   port: 443
#   ssl:
#     key-store: classpath:config/tls/keystore.p12
#     key-store-password: password
#     key-store-type: PKCS12
#     key-alias: selfsigned
#     # The ciphers suite enforce the security by deactivating some old and deprecated SSL cipher, this list was tested against SSL Labs (https://www.ssllabs.com/ssltest/)
#     ciphers: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
# ===================================================================
server:
  port: <%= serverPort %>
  shutdown: graceful # see https://docs.spring.io/spring-boot/reference/web/graceful-shutdown.html#web.graceful-shutdown
  compression:
    enabled: true
    mime-types: text/html,text/xml,text/plain,text/css,application/javascript,application/json,image/svg+xml
    min-response-size: 1024

# ===================================================================
# JHipster specific properties
#
# Full reference is available at: https://www.jhipster.tech/common-application-properties/
# ===================================================================

jhipster:
<%_ if (applicationTypeGateway && cacheProviderHazelcast && serviceDiscoveryAny) { _%>
  gateway:
    rate-limiting:
      enabled: false
  <%_ if (!reactive) { _%>
    authorized-microservices-endpoints: # Access Control Policy, if left empty for a route, all endpoints will be accessible
      app1: /api # recommended prod configuration
  <%_ } _%>
<%_ } _%>
  http:
    cache: # Used by the CachingHttpHeadersFilter
      timeToLiveInDays: 1461
<%_ if (databaseTypeCouchbase) { _%>
  database:
    couchbase:
      bucket-name: <%= baseName %>
      scope-name: <%= camelizedBaseName %>
<%_ } _%>
<%_ if (!cacheProviderNo) { _%>
  cache: # Cache configuration
  <%_ if (cacheProviderHazelcast) { _%>
    hazelcast: # Hazelcast distributed cache
      time-to-live-seconds: 3600
      backup-count: 1
  <%_ } _%>
  <%_ if (cacheProviderEhcache) { _%>
    ehcache: # Ehcache configuration
      time-to-live-seconds: 3600 # By default objects stay 1 hour in the cache
      max-entries: 1000 # Number of objects in each cache entry
  <%_ } _%>
  <%_ if (cacheProviderCaffeine) { _%>
    caffeine: # Caffeine configuration
      time-to-live-seconds: 3600 # By default objects stay 1 hour in the cache. This sets expireAfterWrite in Caffeine (https://github.com/ben-manes/caffeine/wiki/Eviction#time-based)
      max-entries: 1000 # Number of objects in each cache entry
  <%_ } _%>
  <%_ if (cacheProviderInfinispan) { _%>
    infinispan:
      config-file: default-configs/default-jgroups-tcp.xml
      statsEnabled: true
      # local app cache
      local:
        time-to-live-seconds: 3600 # By default objects stay 1 hour (in seconds) in the cache
        max-entries: 1000 # Number of objects in each cache entry
      # distributed app cache
      distributed:
        time-to-live-seconds: 3600 # By default objects stay 1 hour (in seconds) in the cache
        max-entries: 1000 # Number of objects in each cache entry
        instance-count: 2
      # replicated app cache
      replicated:
        time-to-live-seconds: 3600 # By default objects stay 1 hour (in seconds) in the cache
        max-entries: 1000 # Number of objects in each cache entry
  <%_ } _%>
  <%_ if (cacheProviderMemcached) { _%>
    memcached:
      enabled: true
      servers: localhost:11211
      expiration: 300
      use-binary-protocol: true
  <%_ } _%>
  <%_ if (cacheProviderRedis) { _%>
    redis: # Redis configuration
      expiration: 3600 # By default objects stay 1 hour (in seconds) in the cache
      server: redis://localhost:6379
      cluster: false
      # server: redis://localhost:6379,redis://localhost:16379,redis://localhost:26379
      # cluster: true
  <%_ } _%>
<%_ } _%>
<%_ if (serviceDiscoveryEureka) { _%>
  registry:
    password: admin
<%_ } _%>
<%_ if (authenticationTypeJwt) { _%>
  security:
    authentication:
      jwt:
        # This token must be encoded using Base64 and be at least 256 bits long (you can type `openssl rand -base64 64` on your command line to generate a 512 bits one)
        # As this is the PRODUCTION configuration, you MUST change the default key, and store it securely:
        <%_ if (serviceDiscoveryEureka) { _%>
        # - In the JHipster Registry (which includes a Spring Cloud Config server)
        <%_ } else { _%>
        # - In the Consul configserver
        <%_ } _%>
        # - In a separate `application-prod.yml` file, in the same folder as your executable JAR file
        # - In the `JHIPSTER_SECURITY_AUTHENTICATION_JWT_BASE64_SECRET` environment variable
        base64-secret: <%= jwtSecretKey %>
        # Token is valid 24 hours
        token-validity-in-seconds: 86400
        token-validity-in-seconds-for-remember-me: 2592000
<%_ } _%>
<%_ if (authenticationTypeSession && !reactive) { _%>
  security:
    remember-me:
      # security key (this key should be unique for your application, and kept secret)
      key: <%= rememberMeKey %>
<%_ } _%>
<%_ if (generateUserManagement) { _%>
  mail: # specific JHipster mail property, for standard properties see MailProperties
    base-url: http://my-server-url-to-change # Modify according to your server's URL
<%_ } _%>
  logging:
    use-json-format: false # By default, logs are not in Json format
    logstash: # Forward logs to logstash over a socket, used by LoggingConfiguration
      enabled: false
      host: localhost
      port: 5000
      ring-buffer-size: 512
# ===================================================================
# Application specific properties
# Add your own application properties here, see the ApplicationProperties class
# to have type-safe configuration, like in the JHipsterProperties above
#
# More documentation is available at:
# https://www.jhipster.tech/common-application-properties/
# ===================================================================

# application:
